I was recently messing around with ADFS and changing configuration settings and so forth based on this article:
http://social.technet.microsoft.com/wiki/contents/articles/ad-fs-2-0-how-to-change-the-federation-service-name.aspx and the corresponding SetSPN article:
http://social.technet.microsoft.com/wiki/contents/articles/ad-fs-2-0-how-to-configure-the-spn-serviceprincipalname-for-the-service-account.aspx
Of course, when I was making these changes, I was under the impression that the changes would be localized to ADFS--boy was I WRONG!!
After making these changes, silly me, I decided to go and run iisreset. Suddenly, I could no longer access Central Administration and the Application Pool for Central Admin would not start. So, SharePoint and Windows being what they are, I decided to reboot the server to see if that would alleviate the problem.
Of course, when I tried to log back into the system, I got the following error message:
"The security database on the server does not have a computer account for this workstation trust relationship"
Unfortunately, since I was running a domain controller and ADFS on the same server, this left me with no ability to get back into the server to fix the issue!!
Thankfully, the installation was on a VM and I had made a recent backup. So all I had to do was simply restore the VM from a backup.
However, when working with ADFS and SetSPN--be WARNED of the consequences of your actions!!